🟠 High  |  Source: Microsoft Security Response Center


A race condition vulnerability in the Windows App Store allows an attacker to gain elevated privileges over a network without authorisation. Race conditions occur when two processes access a shared resource simultaneously in an uncontrolled manner, enabling unintended behaviour to be exploited. This is particularly concerning as the attack can be performed remotely, widening the potential attack surface beyond locally authenticated users.

Security Architect’s Take: Prioritise patching Windows endpoints and Azure-connected systems running the Windows App Store, particularly those exposed to network access. Review network segmentation controls to limit lateral movement opportunities if exploitation occurs prior to patching.

Original advisory: CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability